Wednesday, June 3, 05:58
Home security Critical SQL Injection vulnerability to Magento websites. Update immediately!

Critical SQL Injection vulnerability to Magento websites. Update immediately!

Caution! 37 security vulnerabilities have been identified on its platform Magento. The company has recently released new releases content management software.

The Magento owned by Adobe from 2018, has one of the most popular content management system (CMS) that feeds 28% of websites worldwide. So, because there are a lot of chances that many of you belong to 28%, pay close attention.

One of the most critical vulnerabilities concerns SQL Injection, which can be used remotely by unauthorized intruders. For security reasons, Magento developers have decided not to issue technical details about the defect.

The defect, which does not have an identifier CVE but it has an internal label "PRODSECBUG-2198", it could allow hackers to steal sensitive information from vulnerable e-commerce websites, including admin sessions or passwords for dashboards the administrator.

Magento

In addition to SQLi vulnerability, Magento has also repaired it cross-site request (CSRF), cross-site scripting (XSS), remote code execution (RCE) and other defects. However, exploiting the majority of these vulnerabilities requires certification of intruders on the site.

Affected versions of Magento include:

  • Magento Open Source before 9.4.1
  • Magento Commerce before14.4.1
  • Magento Commerce 2.1 before 1.17
  • Magento Commerce 2.2 before 2.8
  • Magento Commerce 2.3 before 3.1

Since Magento sites not only store users' information but also contain customer history and financial information, the defect can lead to catastrophic attacks on the Internet.

Online store owners are urged to upgrade their e-commerce websites to the latest updates as soon as possible before hackers begin to exploit the error to jeopardize your sites and steal your customer's payment card details.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Samsung Access: Samsung's new service for new Galaxy devices!

Samsung has launched a new subscription service for upgrades, starting with the Galaxy S20 series. The new service, named Samsung ...

Microsoft: The tools that will now be available to everyone!

Microsoft now has the "Virtual Assistant Accelerator" and "Bot Framework Composer" tools for its entire user base. Developers can ...

Sony: Cancel PS5 event due to Floyd case!

The event that Sony had planned for the PS5 on June 4 was postponed indefinitely, due to the deplorable situation that prevails ...

Cisco warns: These Nexus switches have been hit by a serious security flaw

Cisco has warned customers with Nexus switches running NX-OS software to install updates to address a serious flaw ...

Windows 10 May 2020 Update: Get Windows 10 for € 9.09

As we all know, Windows 10 May 2020 Update has been released. It is safer, more reliable and more efficient than ever. It is certain that with ...

Anonymous's hack includes data from previous leaks!

As protests over the death of George Floyd in Minneapolis have spread across the United States, cyberattacks have targeted police ...

Critical Exim errors have been fixed, but many servers are still at risk

The update of Exim mail servers is not fast enough and the members of the Russian hacker Sandworm team are actively exploiting three critical ...

New Cisco vulnerability that concerns you!

A new critical Cisco vulnerability has been identified that concerns you: For those who don't know, Cisco recently announced that some of the servers ...

Antifa tweets from extreme rightists call for violence!

The "Antifa tweets" that flooded Twitter and promoted violence, actually came from a well-known far-right group! The information came in ...

Apple introduces the new USB-C Diagnostic Tool

Apple introduces the new USB-C Diagnostic Tool. See the new features: Apple finally brings the new internal USB-C Diagnostic Tool, ...